Allow server-side encryption

Close #175. Close #99. Squashed commit of the following:

commit 7c5e11dded8aff22b77bb3d01233350f86af04f4
Author: Varun Patil <varunpatil@ucla.edu>
Date:   Mon Nov 21 02:12:34 2022 -0800

    Fix lint

commit b421a6d61c1143aac38d954bee032f582b71b492
Merge: 9e91d1d 019cdd3
Author: Varun Patil <varunpatil@ucla.edu>
Date:   Mon Nov 21 02:11:37 2022 -0800

    Merge branch 'eltos-patch-99' of https://github.com/eltos/memories into eltos-eltos-patch-99

commit 019cdd31f2
Author: eltos <eltos@outlook.de>
Date:   Sat Nov 19 18:32:36 2022 +0100

    Check for e2e encryption before indexing

commit 5078d986da
Author: eltos <eltos@outlook.de>
Date:   Sat Nov 19 18:28:57 2022 +0100

    Check for e2e encryption when changing exif data

commit 1167365f7e
Merge: d465400 e210c32
Author: Philipp Niedermayer <eltos@outlook.de>
Date:   Sat Nov 19 15:52:58 2022 +0100

    Merge branch 'pulsejet:master' into eltos-patch-99

commit d465400969
Author: Philipp Niedermayer <eltos@outlook.de>
Date:   Mon Nov 7 22:21:20 2022 +0100

    Allow server-side encryption

    See https://github.com/pulsejet/memories/issues/99
pull/231/head
Varun Patil 2022-11-21 02:13:43 -08:00
parent 9e91d1d435
commit cf4ae6a84a
4 changed files with 28 additions and 2 deletions

View File

@ -178,8 +178,9 @@ class Index extends Command
// Time measurement // Time measurement
$startTime = microtime(true); $startTime = microtime(true);
if ($this->encryptionManager->isEnabled()) { if (\OCA\Memories\Util::isEncryptionEnabled($this->encryptionManager)) {
error_log('FATAL: Encryption is enabled. Aborted.'); // Can work with server-side but not with e2e encryption, see https://github.com/pulsejet/memories/issues/99
error_log('FATAL: Only server-side encryption (OC_DEFAULT_MODULE) is supported, but another encryption module is enabled. Aborted.');
return 1; return 1;
} }

View File

@ -32,6 +32,7 @@ use OCP\App\IAppManager;
use OCP\AppFramework\Controller; use OCP\AppFramework\Controller;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\JSONResponse;
use OCP\Encryption\IManager;
use OCP\Files\File; use OCP\Files\File;
use OCP\Files\Folder; use OCP\Files\Folder;
use OCP\Files\IRootFolder; use OCP\Files\IRootFolder;
@ -48,6 +49,7 @@ class ApiBase extends Controller
protected IUserSession $userSession; protected IUserSession $userSession;
protected IRootFolder $rootFolder; protected IRootFolder $rootFolder;
protected IAppManager $appManager; protected IAppManager $appManager;
protected IManager $encryptionManager;
protected TimelineQuery $timelineQuery; protected TimelineQuery $timelineQuery;
protected TimelineWrite $timelineWrite; protected TimelineWrite $timelineWrite;
protected IShareManager $shareManager; protected IShareManager $shareManager;
@ -60,6 +62,7 @@ class ApiBase extends Controller
IDBConnection $connection, IDBConnection $connection,
IRootFolder $rootFolder, IRootFolder $rootFolder,
IAppManager $appManager, IAppManager $appManager,
IManager $encryptionManager,
IShareManager $shareManager, IShareManager $shareManager,
IPreview $preview IPreview $preview
) { ) {
@ -70,6 +73,7 @@ class ApiBase extends Controller
$this->connection = $connection; $this->connection = $connection;
$this->rootFolder = $rootFolder; $this->rootFolder = $rootFolder;
$this->appManager = $appManager; $this->appManager = $appManager;
$this->encryptionManager = $encryptionManager;
$this->shareManager = $shareManager; $this->shareManager = $shareManager;
$this->previewManager = $preview; $this->previewManager = $preview;
$this->timelineQuery = new TimelineQuery($connection); $this->timelineQuery = new TimelineQuery($connection);

View File

@ -75,6 +75,11 @@ class ImageController extends ApiBase
return new JSONResponse([], Http::STATUS_FORBIDDEN); return new JSONResponse([], Http::STATUS_FORBIDDEN);
} }
// Check for end-to-end encryption
if (\OCA\Memories\Util::isEncryptionEnabled($this->encryptionManager)) {
return new JSONResponse(['message' => 'Cannot change encrypted file'], Http::STATUS_PRECONDITION_FAILED);
}
// Get original file from body // Get original file from body
$exif = $this->request->getParam('raw'); $exif = $this->request->getParam('raw');
$path = $file->getStorage()->getLocalFile($file->getInternalPath()); $path = $file->getStorage()->getLocalFile($file->getInternalPath());

View File

@ -105,4 +105,20 @@ class Util
return true; return true;
} }
/**
* Check if any encryption is enabled that we can not cope with
* such as end-to-end encryption.
*
* @param mixed $encryptionManager
*/
public static function isEncryptionEnabled(&$encryptionManager): bool
{
if ($encryptionManager->isEnabled()) {
// Server-side encryption (OC_DEFAULT_MODULE) is okay, others like e2e are not
return 'OC_DEFAULT_MODULE' !== $encryptionManager->getDefaultEncryptionModuleId();
}
return false;
}
} }